Microsoft Whitepaper: Cloud Privacy Guide
0 likes158 views
Microsoft takes data privacy and security very seriously for its cloud-based business services. It incorporates strong privacy and security features that are rigorously tested and independently verified. These include advanced encryption, secure authentication, tools for data access control and continuity, and adherence to international standards. Microsoft also undergoes regular internal and external audits to ensure its privacy and security controls remain best-in-class. It is transparent about its practices and works closely with customers to meet their diverse privacy and security needs.
Microsoft Whitepaper: Cloud Privacy Guide
- 1. Microsoft Cloud-Based Business Services World-class data privacy and security
- 2. Introduction Data privacy and security are global business imperatives. At Microsoft, we understand and embrace this. That is why we incorporate world-class privacy and security features into our industry-leading, business-oriented cloud services. Microsoft’s business services – Office 365, Dynamics CRM Online, and Windows Azure: • Don’t capture, maintain, scan, index, or mine customer data for any marketing, advertising, or other hidden purposes • Are rigorously tested for, and independently verified to ensure, best-in-class privacy and security • Adhere to the most stringent international data protection standards Protecting Your Data Microsoft employs built-in controls to help our customers address their data security requirements. Some of the features include: • Multiple, advanced encryption tools to safeguard sensitive customer data • Sophisticated identification and authentication tools to prevent unauthorized data access • Systems to ensure data continuity for customers and to offer them easy access to their information throughout the term of service • Tools to enable customer retention and retrieval of their data upon conclusion of service Protecting Your Privacy Microsoft uses cloud service customer data exclusively to provide its customers with state-of-the-art cloud services. Microsoft enables customers to meet the legal and regulatory requirements expected when using cloud service providers, and often surpasses the data protection standards recommended by privacy and security professionals. In addition, Microsoft helps its customers meet the data privacy and security standards required for specific regions and within certain regulated industries. Controls include: • Restricting customer data access to essential personnel • Logging and authenticating customer data access • Employing industry standard practices to identify users accessing information systems • Notifying customers of any new subcontractors with authorized customer data access
- 3. Going a Step Beyond with Independent Audits Microsoft constantly subjects its cloud services to rigorous internal and external audits. These audits and resulting certifications ensure that Microsoft is meeting its data privacy and security commitments, and that Microsoft’s data privacy and security controls remain the strongest in the industry. Some of Microsoft’s efforts in this area include: • Certification of Microsoft data privacy and security controls under strict international standards • Verification, by independent audit, of Microsoft’s adherence to data privacy and security controls, including an annual audit of Microsoft’s physical data centers • U.S. Government review and certification of Microsoft’s data privacy and security controls, ensuring Microsoft’s Office 365 and Windows Azure meet certain federal information management and security standards Transparency Microsoft is committed to openness and transparency with our customers. We keep our customers informed about the processes we have put in place to protect data privacy and security. Key elements of Microsoft’s transparent approach include: • Sharing details about Microsoft cloud service data privacy and security practices and policies • Sharing a summary of an independent audit of Microsoft cloud services, when requested • Sharing high-level information concerning the geographic location of Microsoft data storage facilities and where customer data is stored • Seeking and receiving validation from various data privacy regulators that Microsoft’s contractual commitments to cloud service customers meet relevant data protection standards Meeting the Needs of Our Customers • The needs of Microsoft’s customers are diverse and demanding. We collaborate closely with our customers to understand those needs and meet them. Microsoft’s commitment to data privacy and security means that customers in industries with advanced privacy and security needs, such as healthcare, education, and financial services, can use our cloud services with confidence. © 2013 Microsoft. All rights reserved. 12/2013